Deploy the Stack in AWS Using a CloudFormation Template

Deploy the stack in AWS using the customized CloudFormation template.

Before you begin

  • You need a Linux computer with Python 3.

  • To allow the cluster to auto-register with the management center, you need to create a user with administrative privileges on the management center that can use the REST API. See the Cisco Secure Firewall Management Center Administration Guide.

  • Add an access policy in the management center whose name matches the policy that you specified in Configuration.json.

Procedure


Step 1

Prepare the template.

  1. Clone the GitHub repository to your local folder. See https://github.com/CiscoDevNet/cisco-ftdv/tree/master/cluster/aws.

  2. Modify infrastructure.yaml and deploy_ngfw_cluster.yaml with the required parameters.

  3. Modify cloud-clustering/ftdv-cluster/lambda-python-files/Configuration.json with initial settings.

    For example:

    
    {
      "licenseCaps": ["BASE", "MALWARE", "THREAT"],
      "performanceTier": "FTDv50",
      "fmcIpforDeviceReg": "DONTRESOLVE",
      "RegistrationId": "cisco",
      "NatId": "cisco",
      "fmcAccessPolicyName": "AWS-ACL"
    }
    
    • Keep the fmcIpforDeviceReg setting as DONTRESOLVE.

    • The fmcAccessPolicyName needs to match an access policy on the management center.

    Note

    FTDv5 and FTDv10 tiers are not supported.

  4. Create a file named cluster_layer.zip to provide essential Python libraries to Lambda functions.

    We recommend using Amazon Linux with Python 3.9 installed to create the cluster_layer.zip file.

    Note

    If you need an Amazon Linux environment, you can create an EC2 instance using Amazon Linux 2023 AMI or use AWS Cloudshell, which runs the latest version of Amazon Linux.

    To create the cluster_layer.zip file, first create a requirements.txt file that lists the Python library packages, and then run the shell script.

    1. Create the requirements.txt file by specifying the Python package details.

      The following sample shows the package details that you provide in the requirements.txt file:

      $ cat requirements.txt 
      pycryptodome
      paramiko
      requests
      scp
      jsonschema
      cffi
      zipp
      importlib-metadata

    2. Run the following shell commands to create the cluster_layer.zip file (the backslashes continue the pip3 command across lines).

      $ pip3 install --platform manylinux2014_x86_64 \
      --target=./python/lib/python3.9/site-packages \
      --implementation cp --python-version 3.9 --only-binary=:all: \
      --upgrade -r requirements.txt
      $ zip -r cluster_layer.zip ./python

    Note

    If you encounter a dependency conflict error during installation, such as urllib3 or cryptography, it is recommended that you include the conflicting packages along with their recommended versions in the requirements.txt file. After that, you can run the installation again to resolve the conflict.

  5. Copy the resulting cluster_layer.zip file to the lambda python files folder.

  6. Create the cluster_manager.zip and cluster_lifecycle.zip files.

    A make.py file can be found in the cloned repository. This script zips the Python files into the Zip files and copies them to a target folder.

    python3 make.py build
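As an added example (not part of this guide or of the cisco-ftdv repository), the following Python script checks the two artifacts prepared in Step 1 before they are uploaded: it validates Configuration.json against the constraints stated above (fmcIpforDeviceReg stays DONTRESOLVE, the FTDv5 and FTDv10 tiers are unsupported, fmcAccessPolicyName must be set) and verifies that cluster_layer.zip contains the python/lib/python3.9/site-packages tree that the pip3 --target option in the build step produces, which is the layout the Lambda layer must have. The required-key list, the non-empty checks for RegistrationId and NatId, the build_sample_layer helper and the script name check_artifacts.py are assumptions made for illustration; the Lambda code itself is not consulted.

```python
"""Pre-upload checks for Configuration.json and cluster_layer.zip.

Added example; the constraints come from the deployment steps above, the
helper names and the required-key list are assumptions for illustration.
"""
import io
import json
import sys
import zipfile

# Keys shown in the guide's sample Configuration.json (assumed to be required).
REQUIRED_KEYS = ("licenseCaps", "performanceTier", "fmcIpforDeviceReg",
                 "RegistrationId", "NatId", "fmcAccessPolicyName")
# Tiers the guide says are not supported for clustering.
UNSUPPORTED_TIERS = {"FTDv5", "FTDv10"}
# Directory tree produced by the pip3 --target option in the build step.
SITE_PACKAGES = "python/lib/python3.9/site-packages/"

# Constructed copy of the sample configuration shown in the guide.
SAMPLE_CONFIG = {
    "licenseCaps": ["BASE", "MALWARE", "THREAT"],
    "performanceTier": "FTDv50",
    "fmcIpforDeviceReg": "DONTRESOLVE",
    "RegistrationId": "cisco",
    "NatId": "cisco",
    "fmcAccessPolicyName": "AWS-ACL",
}


def validate_configuration(config):
    """Return a list of problems found; an empty list means the file passes."""
    problems = []
    for key in REQUIRED_KEYS:
        if key not in config:
            problems.append("missing key: " + key)
    caps = config.get("licenseCaps")
    if not isinstance(caps, list) or not caps or not all(isinstance(c, str) for c in caps):
        problems.append("licenseCaps must be a non-empty list of strings")
    tier = config.get("performanceTier")
    if tier in UNSUPPORTED_TIERS:
        problems.append("performanceTier %s is not supported for clustering" % tier)
    if config.get("fmcIpforDeviceReg") != "DONTRESOLVE":
        problems.append("fmcIpforDeviceReg must stay DONTRESOLVE")
    # RegistrationId and NatId are the one-time values the nodes present to the
    # management center when they register; a blank value cannot work.
    for key in ("RegistrationId", "NatId"):
        if not config.get(key):
            problems.append(key + " must not be empty")
    if not config.get("fmcAccessPolicyName"):
        problems.append("fmcAccessPolicyName must name an existing access policy")
    return problems


def check_layer_zip(data):
    """Check that the layer archive has the layout Lambda expects (python/ root)."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
    if not names:
        return ["archive is empty"]
    problems = []
    stray = [n for n in names if not n.startswith("python/")]
    if stray:
        problems.append("entries outside python/: " + ", ".join(stray[:3]))
    if not any(n.startswith(SITE_PACKAGES) for n in names):
        problems.append("no " + SITE_PACKAGES + " tree; check the pip3 --target path")
    return problems


def build_sample_layer(correct_layout=True):
    """Constructed in-memory archive standing in for a real cluster_layer.zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        prefix = SITE_PACKAGES if correct_layout else "site-packages/"
        zf.writestr(prefix + "paramiko/__init__.py", "# constructed placeholder\n")
    return buf.getvalue()


def main(argv):
    """Usage: python3 check_artifacts.py Configuration.json cluster_layer.zip"""
    if len(argv) != 3:
        print(main.__doc__)
        return 2
    with open(argv[1], encoding="utf-8") as fh:
        problems = validate_configuration(json.load(fh))
    with open(argv[2], "rb") as fh:
        problems += check_layer_zip(fh.read())
    for problem in problems:
        print("PROBLEM:", problem)
    return 1 if problems else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it from the lambda-python-files folder after make.py has produced the archives; a non-zero exit code means one of the artifacts would fail once the Lambda functions try to use it, which is cheaper to learn here than after the stack is created.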

Step 2

Deploy infrastructure.yaml and note the output values for cluster deployment.

  1. On the AWS Console, go to CloudFormation and click Create stack; select With new resources (standard).

  2. Select Upload a template file, click Choose file, and select infrastructure.yaml from the target folder.

  3. Click Next and provide the required information.

  4. Click Next, then Create stack.

  5. After the deployment is complete, go to Outputs and note the S3 BucketName.

Figure: Output of infrastructure.yaml

Step 3

Upload cluster_layer.zip, cluster_lifecycle.zip, and cluster_manager.zip to the S3 bucket created by infrastructure.yaml.

Figure: S3 Bucket

Step 4

Deploy deploy_ngfw_cluster.yaml.

  1. Go to CloudFormation and click Create stack; select With new resources (standard).

  2. Select Upload a template file, click Choose file, and select deploy_ngfw_cluster.yaml from the target folder.

  3. Click Next and provide the required information.

  4. Click Next, then Create stack.

    The Lambda functions manage the rest of the process, and the threat defense virtuals will automatically register with the management center.

Figure: Deployed Resources

Step 5

Verify the cluster deployment by logging into any one of the nodes and using the show cluster info command.

Figure: Cluster Nodes (output of show cluster info)